Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5b/7b9336-e9f8-4e27-af4b-239d2fe398b1/1/t7opZuGDurXLGnik28nnOob2EWY.roa
File:                     t7opZuGDurXLGnik28nnOob2EWY.roa (raw, json)
Hash identifier:          7NjYJoFB8JiXhej9GIlCyfatrDgLteBzK/A43OQfUAs=
Subject key identifier:   B7:BA:29:66:E1:83:BA:B5:CB:1A:78:A4:DB:C9:E7:3A:86:F6:11:66
Certificate issuer:       /CN=093353c1fabe896af8b85fe7600e4634968fcc4c
Certificate serial:       01997C937A9EC0B8EA0BAFF1E197D0BEC24E
Authority key identifier: 09:33:53:C1:FA:BE:89:6A:F8:B8:5F:E7:60:0E:46:34:96:8F:CC:4C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CTNTwfq-iWr4uF_nYA5GNJaPzEw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5b/7b9336-e9f8-4e27-af4b-239d2fe398b1/1/t7opZuGDurXLGnik28nnOob2EWY.roa
Signing time:             Wed 24 Sep 2025 16:34:23 +0000
ROA not before:           Wed 24 Sep 2025 16:34:23 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     50340
IP address blocks:        45.95.31.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5b/7b9336-e9f8-4e27-af4b-239d2fe398b1/1/CTNTwfq-iWr4uF_nYA5GNJaPzEw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5b/7b9336-e9f8-4e27-af4b-239d2fe398b1/1/CTNTwfq-iWr4uF_nYA5GNJaPzEw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/CTNTwfq-iWr4uF_nYA5GNJaPzEw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 20:00:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:7c:93:7a:9e:c0:b8:ea:0b:af:f1:e1:97:d0:be:c2:4e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=093353c1fabe896af8b85fe7600e4634968fcc4c
        Validity
            Not Before: Sep 24 16:34:23 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=b7ba2966e183bab5cb1a78a4dbc9e73a86f61166
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cf:b2:b9:8b:56:3a:77:82:ca:89:31:ca:d8:87:
                    26:d3:bf:2c:35:e9:e8:20:6f:65:08:fd:7e:d6:42:
                    ba:5d:c2:e7:d4:68:d2:5a:ec:5d:94:47:7e:e5:b4:
                    92:b9:f9:a9:2c:ad:b6:04:da:5b:92:69:60:c3:90:
                    cf:59:36:a8:a3:1c:81:58:e6:e2:ed:40:8c:3b:82:
                    66:47:5b:b1:17:39:18:d1:af:44:20:27:b5:c4:32:
                    e5:20:2f:a8:41:fc:58:97:14:de:34:16:23:a0:02:
                    cf:4b:1c:1d:b1:af:08:8d:e4:d9:95:90:e9:a6:b6:
                    d2:cc:1a:3b:a8:4f:2d:d5:7c:47:78:96:39:bb:ac:
                    fa:fa:2f:d3:50:4e:34:fb:43:1a:17:25:22:b3:90:
                    81:7b:71:c6:9a:fa:bc:36:5f:88:d2:db:df:1e:5a:
                    f1:bf:d3:23:66:be:80:0a:5b:da:88:b2:08:bb:03:
                    15:42:91:03:6f:f3:12:f6:c8:73:f3:ad:d0:9a:ec:
                    88:38:bb:34:d5:15:e8:45:3e:8c:5a:16:56:16:4b:
                    d5:24:81:1e:30:0f:3f:49:64:2a:e7:9b:c1:b8:00:
                    14:31:0f:67:2f:e1:9c:8c:e8:46:09:ec:e2:46:20:
                    7a:40:9e:a6:2f:26:fa:ac:08:d9:38:24:85:02:83:
                    70:05
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B7:BA:29:66:E1:83:BA:B5:CB:1A:78:A4:DB:C9:E7:3A:86:F6:11:66
            X509v3 Authority Key Identifier:
                keyid:09:33:53:C1:FA:BE:89:6A:F8:B8:5F:E7:60:0E:46:34:96:8F:CC:4C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CTNTwfq-iWr4uF_nYA5GNJaPzEw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5b/7b9336-e9f8-4e27-af4b-239d2fe398b1/1/t7opZuGDurXLGnik28nnOob2EWY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5b/7b9336-e9f8-4e27-af4b-239d2fe398b1/1/CTNTwfq-iWr4uF_nYA5GNJaPzEw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.95.31.0/24

    Signature Algorithm: sha256WithRSAEncryption
         77:c9:61:bf:93:94:d1:6c:b1:22:e8:2d:21:0c:34:7c:3e:e0:
         14:ef:ba:bf:6e:3b:0a:81:85:23:b2:48:1c:ab:dc:06:99:a3:
         5d:a6:b7:87:35:07:12:e9:36:2d:f8:aa:da:47:dc:49:12:72:
         9d:4c:be:bd:1f:51:53:27:19:bd:1f:52:75:b0:bb:d5:73:14:
         86:af:d4:8e:e7:2a:00:a7:5f:ac:ed:80:27:d8:91:8a:cd:3b:
         85:e3:73:5e:e0:3f:f9:ef:46:d7:a0:a2:e1:f2:be:c2:70:75:
         5f:98:42:b7:20:3f:b6:77:0f:2d:91:87:db:58:ae:b1:c3:c8:
         b2:4e:04:17:0e:06:5e:f6:41:0d:0e:ac:4f:76:9b:36:09:36:
         3d:b4:1e:f6:d8:7d:b4:fd:86:c1:a1:f1:9f:fb:bc:d8:79:d9:
         b3:f5:82:91:63:02:25:2f:d4:3b:54:41:ef:cc:76:77:99:02:
         62:09:b1:82:f7:46:ee:7d:63:e6:59:a8:4a:b8:2b:ad:57:b6:
         0c:5d:54:fb:80:6d:ba:1c:45:cf:64:45:fa:1e:bf:d9:42:ef:
         1b:6b:b5:18:6b:4d:ca:09:67:30:03:5a:79:e8:fc:33:59:ca:
         8b:93:04:83:0b:b5:dd:30:40:7f:16:96:be:fd:f5:cf:f6:3e:
         69:06:71:be
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZl8k3qewLjqC6/x4ZfQvsJOMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA5MzM1M2MxZmFiZTg5NmFmOGI4NWZlNzYwMGU0NjM0OTY4
ZmNjNGMwHhcNMjUwOTI0MTYzNDIzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiN2JhMjk2NmUxODNiYWI1Y2IxYTc4YTRkYmM5ZTczYTg2ZjYxMTY2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAz7K5i1Y6d4LKiTHK2Icm078sNeno
IG9lCP1+1kK6XcLn1GjSWuxdlEd+5bSSufmpLK22BNpbkmlgw5DPWTaooxyBWObi
7UCMO4JmR1uxFzkY0a9EICe1xDLlIC+oQfxYlxTeNBYjoALPSxwdsa8IjeTZlZDp
prbSzBo7qE8t1XxHeJY5u6z6+i/TUE40+0MaFyUis5CBe3HGmvq8Nl+I0tvfHlrx
v9MjZr6AClvaiLIIuwMVQpEDb/MS9shz863QmuyIOLs01RXoRT6MWhZWFkvVJIEe
MA8/SWQq55vBuAAUMQ9nL+GcjOhGCeziRiB6QJ6mLyb6rAjZOCSFAoNwBQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLe6KWbhg7q1yxp4pNvJ5zqG9hFmMB8GA1UdIwQY
MBaAFAkzU8H6volq+Lhf52AORjSWj8xMMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQ1ROVHdmcS1pV3I0dUZfbllBNUdOSmFQekV3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Yi83YjkzMzYtZTlmOC00ZTI3LWFmNGIt
MjM5ZDJmZTM5OGIxLzEvdDdvcFp1R0R1clhMR25pazI4bm5Pb2IyRVdZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Yi83YjkzMzYtZTlmOC00ZTI3LWFmNGItMjM5ZDJmZTM5OGIx
LzEvQ1ROVHdmcS1pV3I0dUZfbllBNUdOSmFQekV3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALV8fMA0G
CSqGSIb3DQEBCwUAA4IBAQB3yWG/k5TRbLEi6C0hDDR8PuAU77q/bjsKgYUjskgc
q9wGmaNdpreHNQcS6TYt+KraR9xJEnKdTL69H1FTJxm9H1J1sLvVcxSGr9SO5yoA
p1+s7YAn2JGKzTuF43Ne4D/570bXoKLh8r7CcHVfmEK3ID+2dw8tkYfbWK6xw8iy
TgQXDgZe9kENDqxPdps2CTY9tB722H20/YbBofGf+7zYedmz9YKRYwIlL9Q7VEHv
zHZ3mQJiCbGC90bufWPmWahKuCutV7YMXVT7gG26HEXPZEX6Hr/ZQu8ba7UYa03K
CWcwA1p56PwzWcqLkwSDC7XdMEB/Fpa+/fXP9j5pBnG+
-----END CERTIFICATE-----